Описание
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dlink:6600-ap_firmware:4.2.0.14:*:*:*:*:*:*:*
cpe:2.3:h:dlink:6600-ap:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:dlink:dwl-3600ap_firmware:4.2.0.14:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwl-3600ap:-:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.
EPSS
Процентиль: 17%
0.00054
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
NVD-CWE-noinfo